The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The United States division of Samsung has been charged with deceiving the US government into believing that several of its products met the necessary US government policies, resulting in the US government buying unauthorised Chinese-made electronics . The South Korean electronics giant has agreed to pay the Government $2.3 million in fines to settle the charges of violating trade agreements, the Justice Department announced Tuesday. Under federal contracting rules, Government agencies are only required to purchase products made in the United States or in countries that have a trade agreement with the United States. Federal agencies purchased products from Samsung through authorised resellers, believing they were manufactured in South Korea or Mexico, comply with government procurement rules — namely the US trade agreement act. SAMSUNG LIED TO U.S GOVERNMENT Despite complying with the terms of the contract, Samsung was found to have breached the US government bet...

Hacking Internet of Things (IoTs) have become an amazing practice for cyber criminals out there, but messing with Traffic lights would be something more crazy for them. The hacking scenes in hollywood movies has just been a source of entertainment for the technology industry, like we've seen traffic lights hacked in Die Hard and The Italian Job , but these movies always inspire hackers to perform similar hacking attacks in day-to-day life. Security researchers at the University of Michigan have not only hacked traffic light signals in real life, but also claimed that it's actually shockingly easy to perform by anyone with a laptop and the right kind of radio. If we compare the traffic light hacks in movies and real life, the reality is much easier. In a paper study published this month, the security researchers describe how a series of major security vulnerabilities in traffic light systems allowed them to very easily and very quickly seized control of the whole system of at ...

Network security practitioners rely heavily on intrusion detection systems (IDS) to identify malicious activity on their networks by examining network traffic in real time. IDS are available in Network (NIDS) and Host (HIDS) forms, as well as for Wireless (WIDS). Host IDS is installed via an agent on the system you are monitoring and analyzes system behavior and configuration status. Network IDS inspects the traffic between hosts to find signatures of suspicious behavior and anomalies. Wireless IDS identifies rogue network access points, unauthorized login attempts, encryption-level in use, and other anomalous behavior. There are many options for open source IDS tools if your budget for buying new tools is tight. Asset inventory and vulnerability management go hand in hand with IDS. Knowing the role, function, and vulnerabilities of your assets will add valuable context to your investigations. AlienVault Unified Security Management (USM) includes IDS integrated with asset di...

If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by "AdThief" malware, a Chinese malware that is now installed on more than 75,000 iPhone devices. According to a recent research paper published on Virus Bulletin by the Security Researcher Axelle Apvrille , the malware, also known as " spad ," was first discovered by security researcher Claud Xiao in March this year. Till now, AdThief aka Spad malware has hijacked an estimated 22 million advertisements and stealing revenue from developers on the iOS jailbreak community, Axelle Apvrille says. The malware allegedly infects iOS jailbroken devices by disguising itself as Cydia Substrate extension, presents only on jailbroken Apple devices, when a malware infected Cydia package is downloaded and installed by the unsuspecting user. Once installed, the malware modifies certain advertisements displayed on your iOS devi...

Google has been involved in several controversies including among the companies that was claimed to cooperate with US surveillance agencies on their global data-mining programmes, and just yesterday the popular Media tycoon Rupert Murdoch labeled Google worse than the NSA , saying " NSA privacy invasion bad, but nothing compared to Google. " Now another, but already known controversy over the Internet giant has raised many concerns over privacy of users who carry their smartphones with them. We all have sensors in our pockets that track us everywhere we go i.e. Smartphones. GOOGLE TRACKS YOU EVERYWHERE YOU GO - LOCATION HISTORY Today, with the help of these sensors, Google is tracking our every foot steps and placing a red dot on its map to keep track of users' records, Junkee.com reports. " You can yourself check your every move from here. You just need to log in with the same account you use on your Smartphone, that's it. The map will display all the records of everyw...

A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption  to secure email. Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption , instead we are bringing to you what Security researcher has argued about its fundamental implications.  PGP or Pretty Good Privacy , a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security , as well as Authenticity . Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages. But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services. A respected research p...